CVE-2013-6657
Description
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Risk Information
Base Score
5.4
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.272
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Updates for Google Chrome (66.0.3359.170) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.170) | Windows |
| Updates for Google Chrome (66.0.3359.181) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.181) | Windows |
| Updates for Google Chrome (67.0.3396.62) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.62) | Windows |
| Updates for Google Chrome (67.0.3396.79) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.79) | Windows |
| Updates for Google Chrome (67.0.3396.87) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.87) | Windows |
| Google Chrome (67.0.3396.99) | Windows |
| Google Chrome (x64) (67.0.3396.99) | Windows |
| Multiple vulnerabilities fixed in Chrome 33.0.1750.117 | Windows |
| Multiple vulnerabilities fixed in Chrome (x64) 33.0.1750.117 | Windows |
| Multiple vulnerabilities are fixed in Google Chrome for Mac 33.0.1750.117 | Mac |
| Updates for Google Chrome (66.0.3359.170) (For Ubuntu) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Debian) | Linux |
| Google Chrome (67.0.3396.99) (For Debian) | Linux |
| Multiple vulnerabilities fixed in Chrome 33.0.1750.117 (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Centos) | Linux |
| Google Chrome (67.0.3396.99) (For Centos) | Linux |
| Multiple vulnerabilities fixed in Chrome 33.0.1750.117 (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For RedHat) | Linux |
| Google Chrome (67.0.3396.99) (For RedHat) | Linux |
| Multiple vulnerabilities fixed in Chrome 33.0.1750.117 (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Suse) | Linux |
| Google Chrome (67.0.3396.99) (For Suse) | Linux |
| Multiple vulnerabilities fixed in Chrome 33.0.1750.117 (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Ubuntu) | Linux |
| Google Chrome (67.0.3396.99) (For Ubuntu) | Linux |
| Multiple vulnerabilities fixed in Chrome 33.0.1750.117 (For Ubuntu) | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-307513 | Updates for Google Chrome (66.0.3359.170) |
| PATCH-307515 | Updates for Google Chrome (x64) (66.0.3359.170) |
| PATCH-307534 | Updates for Google Chrome (66.0.3359.181) |
| PATCH-307535 | Updates for Google Chrome (x64) (66.0.3359.181) |
| PATCH-307607 | Updates for Google Chrome (67.0.3396.62) |
| PATCH-307608 | Updates for Google Chrome (x64) (67.0.3396.62) |
| PATCH-307641 | Updates for Google Chrome (67.0.3396.79) |
| PATCH-307644 | Updates for Google Chrome (x64) (67.0.3396.79) |
| PATCH-307660 | Updates for Google Chrome (67.0.3396.87) |
| PATCH-307662 | Updates for Google Chrome (x64) (67.0.3396.87) |
| PATCH-307715 | Google Chrome (67.0.3396.99) |
| PATCH-307716 | Google Chrome (x64) (67.0.3396.99) |
| PATCH-313038 | Google Chrome (80.0.3987.122) |
| PATCH-313039 | Google Chrome (x64) (80.0.3987.122) |
| PATCH-611995 | Google Chrome for Mac (140.0.7339.132 , 140.0.7339.133) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234